Demi Marie Obenour

> > A less intrusive notification near the corner of the screen could easily go entirely unnoticed. If awareness is required, then these users are out of luck. Thankfully, there...

Why use GRUB instead of systemd-boot? GRUB has a history of security holes that it takes a long time to fix. > protection of xen/kernel parameters Is this necessary for...

> (if this isn't supported mode, it will require a xen patch). No Xen patch should be necessary: the command line to `xen.efi` is treated as part of Xen’s own...

> Unfortunately, there seems to be a regression in `xen.efi` proven on hardware (Novacustom V54) and QEMU, which causes the following `#GP`: Was this with UEFI Secure Boot enabled or...

Is something like bbf824933f71eca90b5f07a51fa93f4fa7ac2256 needed for H3 as well, or will that wait until the unification is done?

If I use `req.hdr(something)` in my HAProxy configuration, will that return the value with the space included or stripped? If it returns the value with the space included, it could...

This looks like it could have a more severe impact if the backend server uses nghttp2, as nghttp2 discards headers with leading or trailing whitespace. If HAProxy is supposed to...

For what it is worth, it appears that h2o (used by Fastly) does return 400 if a header has a forbidden character in its value.

> I think it's needed at the moment (I need to further investigate), but it's very minor and till now only caused occasional connection hiccups between haproxy and varnish, so...

Makes sense! For clarification, would critical checks be things things like the “no NUL, CR, or LF” check?